Passport cards called security vulnerability

The State Department will soon begin production of an electronic passport card that security specialists and members of Congress fear will be vulnerable to alteration or counterfeiting.

The agency has contracted with L-1 Identity Solutions Inc. to produce electronic-passport cards as a substitute for booklet passports for use by Americans who travel frequently by road or sea to Canada, Mexico and the Caribbean.

About the size of a credit card, the electronic-passport card displays a photo of the user and a radio frequency identification (RFID) chip containing data about the user. The State Department announced recently that it will begin producing the cards next month and issue the first ones in July.

Security specialists told The Washington Times that the electronic-passport card can be copied or altered easily by removing the photograph with solvent and replacing it with one from an unauthorized user.

James Hesse, former chief intelligence officer for the Immigration and Customs Enforcement Forensic Document Laboratory, which monitors fraudulent government documents, said the card should have been designed with a special optical security strip to make it secure and prevent counterfeiting. The selection of a card with an RFID chip is “an extremely risky decision,” Mr. Hesse said in an interview.

“The optical strip has never been compromised,” he said. “It’s the most secure medium out there to store data.”

Joel Lisker, a former FBI agent who spent 18 years countering credit-card fraud at MasterCard, said the new cards pose a serious threat to U.S. security. “There really is no security with these cards,” he said.

Mr. Lisker, a consultant to a competitor for the electronic-passport card contract, said the State Department’s selection of the RFID card shows it favors speedy processing at entry points more than security. He charged that the department “will not make changes until it is satisfied that compromises are occurring on a regular basis.”

The State Department rejected a more secure card because it is “surrendering to speed over security, essentially creating new vulnerabilities. … It will not take long for the bad guys to figure out which ports have readability and which do not,” he said.

Steve Royster, a State Department spokesman, declined to comment.

Another State Department official, however, said the agency thinks the RFID passport card is secure.

“The passport card is the result of an interagency effort to produce the most durable, secure and tamper-resistant card for the American public using state-of-the-art, laser-engraving and security features,” said the official, who spoke on the condition that he not be identified.

Members of Congress have raised concerns about the new card in a bipartisan letter to Secretary of State Condoleezza Rice and Homeland Security Secretary Michael Chertoff.

“We have serious concerns regarding the final card chosen for the Passport Card,” the April 25 letter states. It was written by Reps. Brian P. Bilbray, California Republican, and Christopher Carney, Pennsylvania Democrat. Seventeen Republicans and one Democrat signed the letter.

“Each card will carry the same rights and privileges of the U.S. passport book with the exception of international air travel. As such, the cards will be used not only to cross the border, they will also be used throughout the interior United States as proof of citizenship and identity in everyday transactions; as a proof of identity in [Transportation Security Administration] lines, to enter federal buildings, to engage in financial transactions, and to obtain driver’s licenses,” the letter said.